Beats packetbeat

by Elasticv9.4.2

Last updated Jun 8, 2026

Monitors the network and applications by sniffing packets

Install with winget

$ winget install --id Elastic.Packetbeat --exact --version 9.4.2

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Beats packetbeat

Beats packetbeat uses MSI (WiX). The silent install switches are /quiet /norestart.

One-line silent install (x64, machine scope)

msiexec.exe /i packetbeat-9.4.2-windows-x86_64.msi /quiet /norestart

See the full silent install reference for Beats packetbeat →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

Packetbeat is an open source network packet analyzer that ships the data to Elasticsearch. Think of it like a distributed real-time Wireshark with a lot more analytics features.

The Packetbeat shippers sniff the traffic between your application processes, parse on the fly protocols like HTTP, MySQL, PostgreSQL, Redis or Thrift and correlate the messages into transactions.

For each transaction, the shipper inserts a JSON document into Elasticsearch, where it is stored and indexed. You can then use Kibana to view key metrics and do ad-hoc queries against the data.

Installers · v9.4.2

Architecture	Type	Scope	Install	Download
x64	MSI WiX	machine		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

5 known CVEs via NVD

medium5.7Patched in wingetCVE-2026-26933affects before 8.19.11, 9.2.5Mar 19, 2026
Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interfac...
Vendor advisory
medium5.7Patched in wingetCVE-2026-26932affects before 8.19.11, 9.2.5Feb 26, 2026
Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. Thi...
Vendor advisory
medium5.3Patched in wingetCVE-2025-68388affects before 8.19.9, 9.1.9, 9.2.3Dec 18, 2025
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.
Vendor advisory
medium6.5Patched in wingetCVE-2025-68382affects before 8.19.9, 9.1.9, 9.2.3Dec 18, 2025
Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.
Vendor advisory
medium6.5Patched in wingetCVE-2025-68381affects before 8.19.9, 9.1.9, 9.2.3Dec 18, 2025
Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number.
Vendor advisory

Source: NVD, updated just now. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

Beats winlogbeatElastic
Elastic.Winlogbeatv9.4.2
Fetches and ships Windows Event logs
Beats metricbeatElastic
Elastic.Metricbeatv9.4.2
Fetches sets of metrics from the operating system and services
Beats heartbeatElastic
Elastic.Heartbeatv9.4.2
Ping remote services for availability
Beats functionbeatElastic
Elastic.Functionbeatv8.17.3
Ship cloud data with serverless infrastructure.
Beats filebeatElastic
Elastic.Filebeatv9.4.2
Tails and ships log files
ElasticsearchElastic
Elastic.Elasticsearchv7.16.3
Elasticsearch is a distributed, RESTful search and analytics engine

Frequently asked questions

How do I install Beats packetbeat on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id Elastic.Packetbeat --exact --version 9.4.2. winget downloads the installer from Elastic and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Beats packetbeat silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id Elastic.Packetbeat --exact 9.4.2 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Beats packetbeat?

Beats packetbeat uses MSI (WiX). Run the downloaded installer with: msiexec.exe /i packetbeat-9.4.2-windows-x86_64.msi /quiet /norestart. The silent switches are /quiet /norestart.

How do I uninstall Beats packetbeat via winget?

Run: winget uninstall --id Elastic.Packetbeat --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Beats packetbeat's Apps & Features entry.

Is Beats packetbeat free?

Beats packetbeat is distributed under Elastic-2.0. Refer to the publisher (https://www.elastic.co/downloads/beats/packetbeat) for the full license terms - Wingetly itself does not charge for installation.

Does Beats packetbeat work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Beats packetbeat directly from the publisher.

How do I keep Beats packetbeat up to date?

Run winget upgrade --id Elastic.Packetbeat --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of Beats packetbeat from microsoft/winget-pkgs.

Recent versions

9.4.2latest
9.4.1
9.4.0
9.3.4
9.3.3
9.3.2
9.3.1
9.3.0
9.2.4
9.2.3